author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-30 20:40:53 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-30 20:40:53 +0000 |
commit | 644bdcae0edf0cfa3ac9644edf3b52a0d3162489 (patch) | |
tree | 64b3ab5519929c10d59e3b58f4415ffdafcde2c8 /net/socket | |
parent | 48f619d8bd9a264f14ce4b62a935e05df015432b (diff) | |
Linux: add next-protocol-negotiation to libssl.
This is an experimental, client only implementation of
next-protocol-negotiation:
http://www.imperialviolet.org/binary/draft-agl-tls-nextprotoneg-00.html
This only affects the internal copy of libssl and is only active when
built with use_system_ssl=0, which is not currently the default.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33327 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 155d3e5..865c6c6 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -317,6 +317,17 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?";
 #endif
+#ifdef SSL_NEXT_PROTO_NEGOTIATED
+ if (!ssl_config_.next_protos.empty()) {
+ rv = SSL_SetNextProtoNego(
+ nss_fd_,
+ reinterpret_cast<const unsigned char *>(ssl_config_.next_protos.data()),
+ ssl_config_.next_protos.size());
+ if (rv != SECSuccess)
+ LOG(INFO) << "SSL_SetNextProtoNego failed.";
+ }
+#endif
+
 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
 if (rv != SECSuccess)
 return ERR_UNEXPECTED;
@@ -510,6 +521,38 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
 ssl_info->cert_status = server_cert_verify_result_.cert_status;
 DCHECK(server_cert_ != NULL);
 ssl_info->cert = server_cert_;
+
+#ifdef SSL_NEXT_PROTO_NEGOTIATED
+ unsigned char npn_buf[255];
+ unsigned npn_len;
+ int npn_status;
+ SECStatus rv = SSL_GetNextProto(nss_fd_, &npn_status, npn_buf, &npn_len,
+ sizeof(npn_buf));
+ if (rv != SECSuccess) {
+ npn_status = SSL_NEXT_PROTO_NO_SUPPORT;
+ }
+
+ if (npn_status == SSL_NEXT_PROTO_NO_SUPPORT) {
+ ssl_info->next_proto_status = SSLInfo::kNextProtoUnsupported;
+ ssl_info->next_proto.clear();
+ } else {
+ ssl_info->next_proto =
+ std::string(reinterpret_cast<const char *>(npn_buf), npn_len);
+ switch (npn_status) {
+ case SSL_NEXT_PROTO_NEGOTIATED:
+ ssl_info->next_proto_status = SSLInfo::kNextProtoNegotiated;
+ break;
+ case SSL_NEXT_PROTO_NO_OVERLAP:
+ ssl_info->next_proto_status = SSLInfo::kNextProtoNoOverlap;
+ break;
+ default:
+ LOG(ERROR) << "Unknown npn_status: " << npn_status;
+ ssl_info->next_proto_status = SSLInfo::kNextProtoNoOverlap;
+ break;
+ }
+ }
+#endif
+
 LeaveFunction("");
 } |
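Review bot: A failure of `SSL_SetNextProtoNego` in the block added to InitializeSSLOptions is only logged at INFO and the handshake continues without the extension, so a malformed `ssl_config_.next_protos` is never surfaced to the caller. The string is handed to libssl as raw bytes with no check here that it is well-formed (presumably the draft's length-prefixed list of protocol names); whether the library validates it is not visible in this hunk. I would state the contract at the call site, e.g. `// next_protos must already be in NPN wire format; failure is non-fatal and only disables NPN for this connection.`, and raise the log to `LOG(WARNING)` so a bad configuration is noticed. The enclosing function starts and ends outside the hunk.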
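Review bot: In the block added to GetSSLInfo, `npn_len` is declared uninitialized and then used unchecked as the length for `std::string(reinterpret_cast<const char *>(npn_buf), npn_len)`, so the copy from the 255-byte stack buffer relies entirely on `SSL_GetNextProto` having written a length no larger than `sizeof(npn_buf)`. That is most exposed on the `default:` path, where the status is one this code does not recognise yet the buffer is still copied into `ssl_info->next_proto`. I would declare `unsigned npn_len = 0;` and, before building the string, treat an out-of-range length as unsupported: `if (rv != SECSuccess || npn_len > sizeof(npn_buf)) npn_status = SSL_NEXT_PROTO_NO_SUPPORT;`. Since the value is influenced by the peer, a short comment that `next_proto` holds unvalidated bytes from the handshake would also help callers. GetSSLInfo's body begins outside the hunk.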